SUSE-SU-2026:20726-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2026/suse-su-202620726-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20726-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2026:20726-1
Upstream
Related
Published
2026-03-16T09:25:21Z
Modified
2026-03-24T23:10:55.004341Z
Summary
Security update for freetype2
Details

This update for freetype2 fixes the following issue:

Update to freetype2 2.14.2:

  • CVE-2026-23865: Integer overflow in the ttvarloaditemvariation_store function (bsc#1259118).

Changelog:

  • Several changes related to LCD filtering are implemented to achieve better performance and encourage sound practices.
  • Instead of blanket LCD filtering over the entire bitmap, it is now applied only to non-zero spans using direct rendering. This speeds up the ClearType-like rendering by more than 40% at sizes above 32 ppem.
  • Setting the filter weights with FTFaceProperties is no longer supported. The default and light filters are optimized to work with any face.
  • The legacy libXft LCD filter algorithm is no longer provided.
  • A bunch of potential security problems have been found (bsc#1259118, CVE-2026-23865). All users should update.
  • The italic angle in PS_FontInfo is now stored as a fixed-point value in degrees for all Type 1 fonts and their derivatives, consistent with CFF fonts and common practices. The broken underline position and thickness values are fixed for CFF fonts.
  • The x field in the FT_Span structure is now unsigned.
  • Demo program ftgrid got an option -m to select a start character to display.
  • Similarly, demo program ftmulti got an option -m to select a text string for rendering.
  • Option -d in the demo program ttdebug is now called -a, expecting a comma-separated list of axis values. The user interface is also slightly improved.
  • The ftinspect demo program can now be compiled with Qt6, too.
  • The auto-hinter got new abilities. It can now better separate diacritic glyphs from base glyphs at small sizes by artificially moving diacritics up (or down) if necessary
  • Tilde accent glyphs get vertically stretched at small sizes so that they don't degenerate to horizontal lines.
  • Diacritics directly attached to a base glyph (like the ogonek in character 'ę') no longer distort the shape of the base glyph
  • The TrueType instruction interpreter was optimized to produce a 15% gain in the glyph loading speed.
  • Handling of Variation Fonts is now considerably faster
  • TrueType and CFF glyph loading speed has been improved by 5-10% on modern 64-bit platforms as a result of better handling of fixed-point multiplication.
  • The BDF driver now loads fonts 75% faster.
References

Affected packages

SUSE:Linux Micro 6.0 / busybox

Package

Name
busybox
Purl
pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.36.1-3.1

Ecosystem specific 

{
    "binaries": [
        {
            "busybox": "1.36.1-3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20726-1.json"

SUSE:Linux Micro 6.1 / freetype2

Package

Name
freetype2
Purl
pkg:rpm/suse/freetype2&distro=SUSE%20Linux%20Micro%206.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.14.2-slfo.1.1_1.1

Ecosystem specific 

{
    "binaries": [
        {
            "libfreetype6": "2.14.2-slfo.1.1_1.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20726-1.json"